TLS 1.0 and 1.1 Deprecation

At WhosOnLocation, we use Transport Layer Security (TLS) to secure communication between WhosOnLocation and client apps that communicate with us.

To strengthen the security of our customers data, WhosOnLocation will no longer support TLS 1.0 or TLS 1.1 from 1 September 2018. This aligns WhosOnLocation's security with a number of other online services such as Salesforce, Xero and in October, Microsoft Office 365.

If your WhosOnLocation users or Kiosks are already using a recent web browser version that supports TLS 1.2 then there’s nothing for you to do. But if they are using an older web browser such as Internet Explorer 9 or 10, you should check to make sure it can support TLS 1.2. TLS 1.2 has been available for a while now and we recommend you enable or upgrade to this latest version if possible.

The reason for change

There are a number of reasons for this change, but the primary ones are:

Vulnerabilities in TLS 1.0 - there are no fixes or patches that are able to address the underlying vulnerabilities with one of these security mechanisms. These vulnerabilities were addressed in subsequent versions for TLS.

PCI-DSS compliance - while we do not process credit card payments or collect credit card payment information ourselves, we do try to align ourselves with the industry standard security recommendations which PCI-DSS compliance requires.

What do I need to do?

Check that all WhosOnLocation Kiosk web browsers supports TLS 1.2

Check that all users can access WhosOnLocation with a TLS 1.2 supported web browser

If you sync your Active Directory with WhosOnLocation via our AD Sync or Sync Portal scripts, ensure that you are running the latest script version which supports TLS 1.2. Support is noted by the line [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 before Invoke-RestMethod, this can be added manually if missing.

If you communicate with the WhosOnLocation API, ensure that the client software supports TLS 1.2